ietf-mxcomp

Re: Message Level Authentication

2004-04-20 14:24:29

Works perfectly.

For distributed mailing systems, the configuration settings can tell
mailing systems where to consolidate the outgoing "origination
records" for all outgoing email.  When communicating back for
verification by a Receiving system, any point of connection (even if
not the physical outgoing system that sent the email) will be able to
query the central data repository for email validation.  This data
repository can live within the email system itself or be outsourced to
a data management provider (e.g. MessageLevel.com).

In terms of forwarded email a variety of implementation methods
exist.  For example:

1) The email will always have one "origination" address (i.e. the
person sending the email).  As such, when receiving systems receive an
email to be forwarded to another address, the configuration script can
default to performing the Message Level Authentication process before
forwarding the email.  In this sense, before the email is forwarded
it's verified as a "real" email and flagged within the origination
data records as being successfully verified.  If verified later by
another receiving system (i.e. the system forwarded to), the Message
Level Authentication Process can see that the message has already been
successfully queried and bypass the secondary verification process.

2) In cases where the Message Level authentication process is not
configured to process emails before forwarding, the platform can
append and add data within the origination records at the Receiving
level.  For example, while holding the email it can detect a "Forward
To" for the email and supply that data to the origination record that
will later be queried by the email system that has been forwarded
to.  However, the latter opens up security holes and requires further
API programming.  

3) As such, the preferred Message Level authentication process within
a "forwarded email" situation is one in which the "To" address is
simply not used for the verification process (although it is very clean in
proving the authenticity of messages in normal operation).  In other
words, the Message Level authentication process can use a variety of
data supplied within the email itself in order to conduct the verification
process.  Going back to our example above, let's say the origination
record on the Outgoing Level has the original "To", "From", Time and
Date Stamp, Subject, and a checksum on the Body of the Message.  In
such a case where a receiving system receives an email without the
original "To" address due to it being forwarded beyond its original
delivery address, in Beta testing we've shown with accuracy that the
Message Level authentication process can still verify the authenticity
of the message by using a combination of the "From" address,
Time/Stamp, checksum on the body, and Subject line; instead of needing
the original "To" address.

bill

---------- Original Message ----------------------------------
From: George Schlossnagle <george(_at_)omniti(_dot_)com>
Date:  Mon, 19 Apr 2004 23:00:35 -0400


On Apr 19, 2004, at 9:46 PM, Bill Mcinnis wrote:
Hello all,

After watching the back and forth on this list for the last
several months I just wanted to join in and get some feedback
as to why no one is discussing how to answer the one fundamental 
question, "Did you send me this email" and why no one has come
up with the answer "Just ask me and I'll tell you" (at the
machine level)?

Please take a look at www.messagelevel.com and give us
some feedback.

How does this handle forwarding or having multiple legitimate possible 
'Outbound Email Systems'?

George
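The following is an added simulation of the origination-record lookup Bill describes above (cases 1 and 3), written for this page; it is not MessageLevel.com's code and does not reflect their API. Everything concrete in it is an assumption: the record fields (To, From, the Date header as the time stamp, Subject, body checksum), SHA-256 over a whitespace-normalised body as "the checksum", a forwarder that rewrites the To header (the message only says the original To is absent after forwarding), the "verified" flag used for the case 1 bypass, and the constructed sample messages.

```python
"""Origination-record store queried by receiving systems: "Did you send me this?"
Added example for this thread, not MessageLevel.com code; fields, hash choice,
header names and sample messages are assumptions."""
import email
import hashlib
import re
from dataclasses import dataclass


def body_checksum(body: str) -> str:
    """Checksum over the body, normalised so CRLF/LF and trailing-whitespace
    rewriting by intermediate MTAs does not break the match (assumed SHA-256)."""
    lines = body.replace("\r\n", "\n").split("\n")
    normalised = "\n".join(line.rstrip() for line in lines).strip()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def _fields(raw_message: str):
    """Pull the fields an origination record is built from (assumed headers)."""
    msg = email.message_from_string(raw_message)
    return (msg["To"] or "", msg["From"] or "", msg["Date"] or "",
            msg["Subject"] or "", msg.get_payload())


@dataclass
class OriginationRecord:
    to: str
    frm: str
    date: str
    subject: str
    checksum: str
    verified: bool = False  # set once a receiving system has verified it (case 1)


class OriginationRepository:
    """Consolidated store of outgoing origination records (hypothetical)."""

    def __init__(self):
        self._records = []

    def record_outgoing(self, raw_message: str) -> OriginationRecord:
        """Outgoing side: file a record for a message as it is sent."""
        to, frm, date, subject, body = _fields(raw_message)
        rec = OriginationRecord(to, frm, date, subject, body_checksum(body))
        self._records.append(rec)
        return rec

    def verify(self, raw_message: str) -> str:
        """Receiving side. Returns 'already-verified' (case 1 bypass),
        'verified' (all fields match), 'verified-forwarded' (case 3: To differs
        but From/Date/Subject/checksum match) or 'unknown' (never sent)."""
        to, frm, date, subject, body = _fields(raw_message)
        checksum = body_checksum(body)
        for rec in self._records:
            if (rec.frm, rec.date, rec.subject, rec.checksum) != (frm, date, subject, checksum):
                continue
            if rec.verified:
                return "already-verified"
            rec.verified = True
            return "verified" if rec.to == to else "verified-forwarded"
        return "unknown"


def forward_to(raw_message: str, new_to: str) -> str:
    """Constructed stand-in for a forwarder that rewrites the To header."""
    return re.sub(r"^To: .*$", f"To: {new_to}", raw_message, count=1, flags=re.M)


# Constructed sample messages (not real mail).
ORIGINAL = """From: alice@example.com
To: bob@example.com
Date: Tue, 20 Apr 2004 14:24:29 -0400
Subject: Message Level Authentication

Works perfectly.
"""
SECOND = """From: alice@example.com
To: bob@example.com
Date: Tue, 20 Apr 2004 15:01:10 -0400
Subject: Re: forwarding question

Here is the follow-up.
"""
SPOOF = """From: alice@example.com
To: bob@example.com
Date: Wed, 21 Apr 2004 09:00:00 -0400
Subject: Invoice attached

Please pay promptly.
"""


def run_scenario() -> dict:
    repo = OriginationRepository()
    repo.record_outgoing(ORIGINAL)
    repo.record_outgoing(SECOND)
    return {
        "direct": repo.verify(ORIGINAL),                                   # verified
        "forwarded-after-verify": repo.verify(forward_to(ORIGINAL, "carol@example.org")),  # already-verified
        "forwarded-unverified": repo.verify(forward_to(SECOND, "carol@example.org")),      # verified-forwarded
        "body-tampered": repo.verify(ORIGINAL.replace("perfectly", "badly")),  # unknown
        "never-sent": repo.verify(SPOOF),                                  # unknown
    }


if __name__ == "__main__":
    for case, result in run_scenario().items():
        print(f"{case}: {result}")
```

Note what the case 3 match does and does not establish: a 'verified-forwarded' answer shows the origination system sent a message with that From, time stamp, Subject and body, but, because To is dropped from the comparison, not that the sender addressed it to the mailbox it has now arrived at. That is the trade Bill makes explicitly by not using To in the forwarded case, and the receiving system's policy should treat the two answers differently.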